Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/7AUCOp8doWAnFtkF84ohyXaw_V8.roa
File:                     7AUCOp8doWAnFtkF84ohyXaw_V8.roa (raw, json)
Hash identifier:          1Aa9w+YLf7szXydvZ6yQdvFkVOWBB1ppD9PDcmJ0bOM=
Subject key identifier:   EC:05:02:3A:9F:1D:A1:60:27:16:D9:05:F3:8A:21:C9:76:B0:FD:5F
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       018CC349064C221453932700874DBD965AF3
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/7AUCOp8doWAnFtkF84ohyXaw_V8.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24667
IP address blocks:        213.161.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:06:4c:22:14:53:93:27:00:87:4d:bd:96:5a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec05023a9f1da1602716d905f38a21c976b0fd5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c7:5b:ed:fe:e6:d7:7f:69:86:79:ef:7e:5e:
                    f1:69:a6:08:37:df:44:d4:35:d7:11:3c:d0:aa:a7:
                    5a:85:73:72:30:47:ab:cc:f6:4c:10:ec:06:e6:ec:
                    03:f7:dd:cc:2f:d7:7f:a0:14:67:c9:a8:9d:fa:7b:
                    94:8e:d2:79:80:1e:27:36:17:e3:6b:e5:2e:fb:11:
                    1d:1b:6e:fe:99:af:a0:39:45:6e:96:b0:44:19:b6:
                    23:f8:e8:80:8b:19:82:ba:bd:39:4b:d7:32:89:d7:
                    27:46:5a:32:5f:a4:e2:93:5d:02:d0:38:4b:91:18:
                    2f:3c:ea:0a:68:9c:9d:b8:18:6b:90:bd:e2:b3:a6:
                    1f:cf:09:9f:72:2a:d0:6a:78:06:e5:f6:39:af:a4:
                    cc:a6:ea:00:31:3c:f1:ff:cb:3b:fe:41:1f:55:c3:
                    f7:e2:c1:c4:56:ba:bd:e7:c3:63:aa:cf:8c:32:c0:
                    09:d0:97:8c:a8:af:e1:7f:85:ec:4b:c2:5c:05:e3:
                    71:70:2a:e2:65:23:ca:d2:6a:14:dd:3c:78:cf:97:
                    3e:d3:b8:01:54:cf:67:99:0e:9a:06:cb:34:19:1b:
                    3e:77:72:0f:82:ec:c7:36:b3:b4:3d:8b:8f:df:47:
                    f3:4d:45:68:61:57:86:d4:77:30:54:e5:55:7f:0d:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:05:02:3A:9F:1D:A1:60:27:16:D9:05:F3:8A:21:C9:76:B0:FD:5F
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/7AUCOp8doWAnFtkF84ohyXaw_V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.161.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:6d:22:5a:2e:0a:e0:55:31:f5:ec:14:0b:a8:76:78:93:e4:
         b0:f6:f6:73:53:f5:5f:3d:77:f2:50:86:b1:2f:e6:7e:e3:f0:
         de:b6:ff:f7:c9:be:f0:40:59:da:b6:1e:34:86:44:6d:1e:e7:
         60:dc:c5:9b:18:95:72:9f:30:4a:55:2e:96:66:75:98:2e:b3:
         d0:18:56:62:36:d2:a9:84:17:0d:95:25:d6:06:9f:57:63:7b:
         ec:64:9a:cc:2d:50:33:88:c2:ac:41:52:dc:01:3f:ed:5d:52:
         2c:8d:9f:e0:34:e2:61:92:11:95:70:b8:1c:ec:56:19:c4:23:
         67:a8:70:9c:f0:28:b8:8f:f8:c0:7d:62:74:db:81:f7:1e:3c:
         62:ad:3e:9f:29:59:3b:5e:bc:ff:49:aa:23:86:e3:0e:ed:7d:
         6a:f0:0e:0b:d5:65:05:68:d9:8a:20:9f:99:a7:77:1c:47:b0:
         42:22:97:a1:04:0f:85:36:7e:59:39:ce:65:d6:f7:8e:f5:a5:
         ad:20:48:96:df:58:d6:b5:58:ca:6b:87:9a:57:d6:cb:c0:ac:
         01:87:0d:06:32:ac:00:5b:92:19:0e:9e:ad:e2:6a:72:d8:57:
         0f:8a:a3:4c:6e:72:62:b7:21:e6:ca:cc:6c:3d:a5:3f:0b:27:
         ab:d4:a4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQZMIhRTkycAh029llrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA1MDIzYTlmMWRhMTYwMjcxNmQ5MDVmMzhhMjFjOTc2YjBmZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsdb7f7m139phnnvfl7xaaYIN99E
1DXXETzQqqdahXNyMEerzPZMEOwG5uwD993ML9d/oBRnyaid+nuUjtJ5gB4nNhfj
a+Uu+xEdG27+ma+gOUVulrBEGbYj+OiAixmCur05S9cyidcnRloyX6Tik10C0DhL
kRgvPOoKaJyduBhrkL3is6YfzwmfcirQangG5fY5r6TMpuoAMTzx/8s7/kEfVcP3
4sHEVrq958Njqs+MMsAJ0JeMqK/hf4XsS8JcBeNxcCriZSPK0moU3Tx4z5c+07gB
VM9nmQ6aBss0GRs+d3IPguzHNrO0PYuP30fzTUVoYVeG1HcwVOVVfw3f/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwFAjqfHaFgJxbZBfOKIcl2sP1fMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvN0FVQ09wOGRvV0FuRnRrRjg0b2h5WGF3X1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aGTMA0G
CSqGSIb3DQEBCwUAA4IBAQBSbSJaLgrgVTH17BQLqHZ4k+Sw9vZzU/VfPXfyUIax
L+Z+4/Detv/3yb7wQFnath40hkRtHudg3MWbGJVynzBKVS6WZnWYLrPQGFZiNtKp
hBcNlSXWBp9XY3vsZJrMLVAziMKsQVLcAT/tXVIsjZ/gNOJhkhGVcLgc7FYZxCNn
qHCc8Ci4j/jAfWJ024H3HjxirT6fKVk7Xrz/SaojhuMO7X1q8A4L1WUFaNmKIJ+Z
p3ccR7BCIpehBA+FNn5ZOc5l1veO9aWtIEiW31jWtVjKa4eaV9bLwKwBhw0GMqwA
W5IZDp6t4mpy2FcPiqNMbnJityHmysxsPaU/Cyer1KQo
-----END CERTIFICATE-----